Who is bobby tables




















Mmm, the WHERE with parentheses around the arguments is rather unusual, but at least it avoids a syntax error. It would also explain why the database connection isn't in read-only mode.

Actually, in this example the first query "add a new record That said, the presence of the second column is helpful to show why commenting is required; and since one cannot change Bobby's name, it's probably best leaving as-is with little more than this observation as a footnote.

I'm not sure that correcting that would improve the answer clarity, though. This is much better than the highest voted, because it explains the closing parenthesis. By the way, there is no way for the school director in the comics to be aware of the XSS since the student table is deleted, he can't know who has done this. Sometimes all queries are logged, and sometimes other logged info can help you deduce the culprit.

No, ' isn't a comment in SQL, but a delimiter. All code examples in this answer were run on a PostgreSQL 9. The result? SqlParameters are not sanitized. They are just interpreted as data only, and never interpreted as code. This is the correct way to do things, keep data and code separate — Charlieface. This is why bind parameters are a good thing.

It was my first thought, but you get a syntax error with the trailing closing parenthesis, no? That's why there is a -- at the end, indicating the remaining text is a comment and should be ignored.

The Sad Story of Mr. Null and Little Bobby Tables. People have exactly one full name which they go by.

Other sites: Czech: bobby-tables. Fork the bobby-tables repository at GitHub, make your changes, and send me a pull request. Add an issue in the issue tracker. Email me, Andy Lester, at andy at petdance.

To do: Explain why creating code from outside data is bad. As far as I know, the guy was tired of spammer bots scanning the public registry for mailing addresses. I recently heard about a man with the surname Null. Many systems would not accept this as valid input. And the many cases of a name which included a string that was considered a curse word by the system authors…

Sam — You should explain what your software company does here — I'm sure you will pick clients up. Also, did you do this to show the spam originating from Companies House registration? If so, how effective? What exactly is this font or text effect?


